This ENISA study introduces good practices for IoT security, with a particular focus on software development guidelines for secure IoT products and services throughout their lifetime. Establishing secure development guidelines across the IoT ecosystem is a fundamental building block for IoT security. By providing good practices on how to secure the IoT software development process, this study tackles one aspect of achieving security by design, a key recommendation highlighted in the ENISA Baseline Security Recommendations study, which examined the security of the IoT ecosystem from a horizontal point of view.
Software lies at the core of every IoT system and service, enabling their functionality and providing value-added features. The firmware of IoT devices, implementations of IoT communication protocols and stacks, Operating Systems (OSs) for IoT products, Application Programming Interfaces (APIs) supporting interoperability and connectivity between different IoT services, IoT device drivers, backend IoT cloud and virtualization software, as well as software implementing the various IoT service functionalities, are some examples of how software gives IoT its substance. Due consideration is given to supply chain issues, including the integration of software and hardware.